Evaluating New Copy-Prevention Techniques for Audio CDs J. Alex Halderman Princeton University Department of Computer Science.

Evaluating New Copy-Prevention Techniques For Audio CDs John A. Halderman 2002 ACM Workshop on Digital Rights Management (DRM 2002) Available at
Presentation transcript:

Evaluating New Copy-Prevention Techniques for Audio CDs J. Alex Halderman Princeton University Department of Computer Science

2 Copy-Resistant CDs - Overview
- Modified discs
  – Play on CD players, hard to read on PCs
- Response to “consumer piracy”
- Deliberate errors
  – Audio data / metadata
- Variations from several vendors
- Few discs today; many coming soon
  – BMG, EMI, etc.

3 Notable Drawbacks
- Primarily affects legitimate CD owners
- Confusing hardware/software errors
- Violates standards, bad engineering practice
- Effectiveness for reducing unlawful copying hasn’t been demonstrated

4 Interesting Questions for C.S.
1. Are they effective?
2. How do they work?
3. Can they be defeated?
Who wants to know? Record companies, musicians, policy makers, software authors, music buyers, researchers

5 Tested Three Discs
- Music City, 2001: MediaCloQ (SunnComm)
- Columbia/Sony, 2002: key2audio (Sony)
- Universal, 2001: Cactus Data Shield (Midbar)

6 Not Addressed Why would anyone want to copy these discs?

7 Question 1 Are these techniques effective?

8 Test Configurations
- Covered range of deployed systems
- Operating System
  – Windows, Linux
- Hardware
  – Toshiba, Hitachi, IBM, Plextor drives
- Software
  – CD Player, MusicMatch, Nero, CloneCD (Windows)
  – CDP, CD Paranoia, CDR-DAO (Linux)

9 Test Results

OS        Drive               Software                     Result
Win 98    Toshiba             *                            0/9
Win 2000  Hitachi, IBM, Sony  CD Player, MusicMatch, Nero  0/9
                              CloneCD                      6/9
          Plextor             CD Player, MusicMatch, Nero  0/3
                              CloneCD                      3/3
Linux     Hitachi             CDP, CDR-DAO                 0/3
                              CD Paranoia                  1/3
          Plextor             CDP, CDR-DAO                 0/3
                              CD Paranoia                  3/3

- Variety of errors
  – disc not detected, invalid data, crashes
  – Toshiba drive broken until reboot
- Most tests failed (62/75)
- Some successful
  – CD Paranoia, CloneCD (Plextor hardware)

10 Implications
- Seemingly effective today against deployed hardware, typical applications
- Some configurations already can play
  – Greater compatibility is possible
- Different modes of failure
  – Schemes use slightly different measures (more detail later)

11 Question 2 How do these techniques work?

12 How Do These Schemes Work?
- Exploit bugs, lack of robustness in hardware and software
  – Unexpected deviations from standards
- Two levels of failure
  – Hardware: Drives reject the discs (firmware)
  – Software: Apps fail even on “working” drives

13 Normal CD Structure
- Discs divided into tracks
- Tracks listed in table of contents (TOC)
- May be grouped into sessions
- Drives read TOC from each session, return list of tracks
- CD players only see session 1
- Observed two main categories of deviations
[Diagram labels: Session 1 (TOC, Track 1, Track 2, …); Session 2 (TOC, Track, …); …; CD players; CD drives]

14 Fake TOC Entries - Software
- Invalid TOC entries in session 2
  – Bad track locations
  – Audio marked as data
- Drive returns invalid listing, fools software
- CD players only read first session, unaffected
[Diagram labels: Session 1 (Real TOC, Track 1, Track 2, …); Session 2 (Fake TOC, Data Track); CD players; CD drives]

15 Fake Session Pointers - Hardware
- Session 2 contains pointer to fake session near outer edge of disc
  – Incomplete TOC, no lead out
  – Fatal errors in some hardware (e.g. Toshiba)
- Possible variations
  – No pointers to earlier sessions
  – Physical incompatibilities making earlier session hard to reach
[Diagram labels: Session 1 (Real TOC, Track 1, Track 2, …); Session 2 (Fake TOC); Fake Session; CD players; CD drives]

16 Question 3 Can these techniques be defeated?

17 Felt-Tipped Pen Hack
- Hides last TOC containing invalid track/session entries
- Drives see only first TOC, so disc can be read normally
- Outlaw felt-tipped pens!
[Figure: Last TOC area obscured by marker]
(Appeared on Chip.de early May 2002)

18 How to Adapt Hardware
- Direct fix: “compatibility mode”
  – Emulates CD player
  – Not even necessary
- Indirect fix: greater robustness
  – Fix bugs (firmware)
  – Better error reporting
  – More robust failure modes
  – Error interpolation

19 How to Adapt Software
- Bug fixes, greater robustness
  – Ignore obvious errors (warnings, not failure)
  – Scan for track starts by binary search
  – Interpolate over missing samples
- Changes ensure maximum compatibility with all faulty discs, not just copy-protected
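
Slides 14, 15 and 19 together describe reading software that reports a malformed later-session TOC as a warning instead of failing. The sketch below is an added example, not code from the talk or from any ripping tool; the `Entry` and `Session` records, the sector numbers and the function names are assumptions, and the sample disc is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Entry:                 # hypothetical TOC record, not a real drive API
    track: int
    start: int               # start sector
    is_data: bool            # TOC control flag: True = data track

@dataclass
class Session:
    number: int
    entries: List[Entry]
    lead_out: Optional[int]  # None models a TOC with no lead-out

def check_session(s: Session, floor: int) -> List[str]:
    """List the problems in one session's TOC; empty means it looks sane."""
    if s.lead_out is None:
        return [f"session {s.number}: incomplete TOC, no lead-out"]
    problems, prev = [], floor
    for e in sorted(s.entries, key=lambda e: e.track):
        if prev <= e.start < s.lead_out:
            prev = e.start + 1
        else:
            problems.append(f"session {s.number} track {e.track}: bad start {e.start}")
    return problems

def read_toc(sessions: List[Session]) -> Tuple[List[Entry], List[str]]:
    """Return (usable tracks, warnings); a bad later session is skipped, not fatal."""
    tracks, warnings, floor = [], [], 0
    for s in sorted(sessions, key=lambda s: s.number):
        problems = check_session(s, floor)
        if problems:
            warnings += problems   # report, then keep what earlier sessions gave
            continue
        tracks += s.entries
        floor = s.lead_out
    return tracks, warnings

# Constructed sample disc: a sane session 1, then two malformed sessions.
SAMPLE = [
    Session(1, [Entry(1, 0, False), Entry(2, 15_000, False), Entry(3, 31_500, False)], 48_000),
    Session(2, [Entry(4, 59_400, True), Entry(5, 400_000, False)], 60_000),
    Session(3, [Entry(6, 330_000, False)], None),
]

if __name__ == "__main__":
    tracks, warnings = read_toc(SAMPLE)
    print([e.track for e in tracks], *warnings, sep="\n")
```

On the sample, only the three tracks of session 1 are returned, which is the view slide 13 attributes to CD players; a well-formed second session would be accepted unchanged.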

20 Change is Underway
- Software
  – Audiograbber, CloneCD, and EAC have modes for handling protected discs
- Hardware
  – Plextor, others work today

21 Can They Be Defeated?
- Yes!
  – Offer minimal protection today, but will be easily adapted to (already happening)
  – Rate of adaptation proportional to rate of deployment
  – Schemes ineffective against copying in the near future (by the time they are widespread)

22 Conclusions
- Partial incompatibility with spec. won’t work
  – Software too easy to adapt and distribute
- Takes advantage of HW/SW flaws
  – Prohibiting circumvention would be to mandate bugs!
- Relies on stopping reading in most cases, but can be copied online if just some can read
  – True for tested discs
  – Circumvention easy, can’t be stopped everywhere

23 Conclusions
- In present form, these schemes are worse than useless
  – “Bad hacks”
  – Won’t prevent illegal copying
  – Inconveniences legitimate music owners
  – May make people less willing to buy CDs
  – Further alienates public from music industry
- Industry must find an alternative
  – DRM? New business model?